Info Advantage Blog

Info Advantage has been serving the Upstate New York area since 1993, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

DroidJack Malware is Super-Effective Against Impatient Pokémon Go Users

Augmented reality is a growing trend in the technology industry, and perhaps one of the best known uses of it today can be found in the extremely popular mobile device app, Pokemon Go. However, hackers have seized the opportunity to infect players who want to “catch ‘em all” with a backdoor called DroidJack - something that certainly won’t help gamers “be the very best.”


The Pokemon series has long been known as one of Nintendo’s most popular gaming franchises, and with the release of Pokemon Go, the series has finally made its way to everyday mobile device users. It’s currently ranked as the #1 most downloaded free app on the Apple Store, as well as the Google Play store. The game was such a hit that Nintendo’s stock increased exponentially overnight, and the app has over 26 million users worldwide - more than Tinder, Twitter, Google Maps, and other mobile apps.

However, as with many extremely popular things, hackers have exploited the game’s popularity for their own ends. Prior to the app’s release worldwide, many impatient fans downloaded the APK (Android application package) from third-party websites and “side-loaded” it onto their devices. This can only be done by going into Android’s settings and allowing app installation from unknown sources. Normally, this is a red flag for any security-minded mobile device user, as some malware is known to infect devices and download apps without the permission of the user. Yet some Pokemon fans just couldn’t wait, and downloaded the APK without thinking of the consequences, such as installing a backdoor along with it.

Considering how many countries outside the United States, Australia, and New Zealand are still waiting for access to Pokemon Go, many users have chosen to side-load the APK rather than wait for the official release. One particular source of the APK provides a modified version of Pokemon Go that, upon installation, installs a backdoor onto the device, which allows for remote access to the device and provides full control over the victim’s phone. The infected version of Pokemon Go is so well-done and inconspicuous that the user likely won’t know that their device has been infected. Security firm Proofpoint suggests that it’s entirely possible that, should infected devices connect to your network, networked resources can also be put at risk.

Take a look at the DroidJack-infected app’s permission requests, and see for yourself just how strange they look.

https://www.proofpoint.com/sites/default/files/users_content/10/pokemon-fig2.png
https://www.proofpoint.com/sites/default/files/users_content/10/pokemon-fig3.png

When downloading any app, it’s crucial that you drive this best practice into the heads of your employees: be sure to pay attention to the permissions required by the apps that you download. For example, there’s no real reason why Pokemon Go would need to make phone calls, edit and send text messages, modify your contacts, and record audio. All of this is just asking for disaster. While exploitation of the APK hasn’t been observed in the wild, it represents a dangerous development in mobile applications, one which shows hackers taking advantage of wildly popular smartphone apps, and turning them into catalysts to spread their malware and influence.
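The permission review described above can be automated. The following is an added example, not code from Proofpoint or from the original post: it compares the permissions a side-loaded APK requests against those of a trusted build, using text in the format printed by `aapt dump permissions`. The package name, the sample listings, and the mapping from the article's wording to Android permission constants are assumptions of this example.

```python
import re

# Capabilities the article calls out as unjustified for this game, mapped to
# Android permission constants (the mapping is this example's assumption).
UNEXPECTED_FOR_GAME = {
    "android.permission.CALL_PHONE": "make phone calls",
    "android.permission.SEND_SMS": "send text messages",
    "android.permission.WRITE_SMS": "edit text messages",
    "android.permission.WRITE_CONTACTS": "modify contacts",
    "android.permission.RECORD_AUDIO": "record audio",
}

# Accepts both aapt styles: "uses-permission: name='X'" and "uses-permission: X",
# plus the "uses-permission-sdk-23:" variant.
PERM_RE = re.compile(r"^\s*uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?")

def parse_permissions(aapt_output):
    """Return the set of permissions requested in `aapt dump permissions` text."""
    perms = set()
    for line in aapt_output.splitlines():
        m = PERM_RE.match(line)
        if m:
            perms.add(m.group(1))
    return perms

def review(candidate_output, baseline_output):
    """Compare a side-loaded APK's permissions with a trusted build's."""
    candidate = parse_permissions(candidate_output)
    baseline = parse_permissions(baseline_output)
    extra = candidate - baseline  # requested only by the candidate
    flagged = {p: UNEXPECTED_FOR_GAME[p] for p in extra if p in UNEXPECTED_FOR_GAME}
    return {"extra": sorted(extra), "flagged": flagged, "suspicious": bool(flagged)}

# Constructed sample listings (not taken from any real APK).
BASELINE = """package: com.example.game
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.CAMERA'
"""
CANDIDATE = BASELINE + """uses-permission: name='android.permission.CALL_PHONE'
uses-permission: name='android.permission.SEND_SMS'
uses-permission: android.permission.RECORD_AUDIO
uses-permission: name='android.permission.WRITE_CONTACTS'
uses-permission: name='android.permission.READ_CALL_LOG'
"""

if __name__ == "__main__":
    print(review(CANDIDATE, BASELINE))
```

Permissions in `extra` that are not in `flagged` (here `READ_CALL_LOG`) still deserve a manual look; the flagged set only covers the capabilities the article names.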

There are two lessons to be learned. Don’t download apps from unknown sources, even if they’re just games, and make sure that your employees know what your policy on mobile apps is on your in-house network. Also, be sure to examine a new app’s permissions, and only download apps from the Apple store or Google Play store. Among your millennial workforce, there may be many users of Pokemon Go, so it’s your responsibility to reach out to them, and educate them on these best practices.

After all, “Gotta catch ‘em all,” doesn’t refer to malware infections.


Alert: 27 Vulnerabilities Patched in Latest Round of Windows Updates

27 vulnerabilities: that is the number resolved by the round of security patches in Microsoft’s latest Patch Tuesday. Windows, Microsoft Office, Internet Explorer, the Edge browser, and more were all affected. It’s important to patch these vulnerabilities as soon as possible, especially if you haven’t done so already.


However, if you’ve already applied the latest security patches, you have little to fear. We thought we’d share some background information on the nature of the vulnerabilities, and why Microsoft had to patch them in the first place. If you haven’t yet applied these patches, it will be good to know what you’re exposing your systems to, and why it’s important to get them fixed.

Microsoft Office, Internet Explorer, and Edge have critical vulnerabilities that can be exploited remotely through web pages or Office documents. This could allow hackers to execute malicious code and do your business harm. Read more about these patches on Microsoft’s security bulletin:

Patch for Microsoft Office: MS16-099
Patch for Internet Explorer: MS16-095
Patch for Edge: MS16-096

Even more critical vulnerabilities were found to affect Windows, Microsoft Office, Skype, and Lync, which have to do with the Windows Graphics Component. This could allow hackers to execute malicious code through malicious web pages or documents.

Patch for Windows, Microsoft Office, Skype, and Lync: MS16-097

In another security bulletin, Microsoft claims that a critical remote code execution flaw exists in Windows PDF Library, which is bundled with Windows 8.1, Windows RT 8.1, Windows 10, Windows Server 2012, and Windows Server 2012 R2. This vulnerability affects Edge in a different way from usual: attackers can host a malicious PDF document on a website, and then trick users into loading the file within their Edge browser.

Patch for Windows PDF Library: MS16-102

Other patches that have been flagged by Microsoft as “important,” rather than “critical,” can be found below. However, it’s important to note that even if they aren’t critical, they certainly shouldn’t be ignored.

MS16-101
MS16-100
MS16-098

If you haven’t yet updated your system with these security patches, you should reach out to Info Advantage at (585) 254-8710. Our technicians will work with you to ensure that your systems are protected and patched against the myriad of threats that can be found both online and offline.

Of course, if you already have Info Advantage’s remote monitoring and maintenance services, chances are that your systems have already been patched. In fact, we apply the patches for any product of Microsoft, so that you don’t have to. It’s just one way that managed IT service can help your business stay focused on what really matters.


What is your Identity Worth to You?

Your identity has quite a lot of value, especially in the wrong hands. Security firm ZoneAlarm put together some numbers in 2011 concerning identity fraud, and they shocked even us. Let's talk about a few of these statistics and what they mean.


Alert: A New Malware to Worry About for PC Gamers Using Steam

Hackers have always gone after industries that are profitable, or hold sensitive information that can be lucrative when sold under the table. As such, retailers that accumulate financial credentials are often hit by hacks. The entertainment industry is no different, and hackers continue to grow craftier in their pursuit of wealth and power. Not even Steam, the PC gamer’s most valuable software solution, is safe from the dangers of hacking attacks.


Why Businesses Need to Quickly Distance Themselves From SQL Server 2005

Which database management system is running on your company’s server units? For end users, it’s not something that they put a whole lot of thought into. However, if you completely overlook your Microsoft SQL Server, you may end up running an expired version that puts your data at risk. Case in point, SQL Server 2005, which Microsoft recently ended support for.


Forget Backdoors, Hackers Can Now Infiltrate Garage Doors

Hackers have proven that they will do whatever it takes to get to your valuable assets, even if it means taking advantage of physical objects that work alongside a specific frequency. As it turns out, this is exactly how hacking a garage door works, and all it takes is a decade-old communications device to capture the frequency and unlock any garage door that utilizes it.
